Re: [OPSEC] minutes part 2

"Glen Kent" <glen.kent@gmail.com> Tue, 23 December 2008 17:18 UTC

Message-ID: <92c950310812230918t751a6cat1fca546dad2b55ad@mail.gmail.com>
Date: Tue, 23 Dec 2008 22:48:27 +0530
From: Glen Kent <glen.kent@gmail.com>
To: R Atkinson <ran.atkinson@gmail.com>
In-Reply-To: <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com>
References: <EC3F7E1D-F7C8-484A-A0C0-1A25E79AD86E@extremenetworks.com> <77ead0ec0812160927j77bf42c6mbccef8ccf55d1e16@mail.gmail.com> <90F75653-21D6-4D2B-9472-52F2BDF7510D@gmail.com> <77ead0ec0812161118l3ca37732m541deb4c716a8f42@mail.gmail.com> <0C823E84-78EE-4234-9AD8-20688B0F8F55@gmail.com> <77ead0ec0812161616r5cc782c5j69415f75d4aa82bb@mail.gmail.com> <7EBC9C5C-EDF9-4CDD-8E1B-B9D05656ACAA@gmail.com> <494D48B6.9090302@bogus.com> <77ead0ec0812222113m28f91093ke6512a5d7a287b0c@mail.gmail.com> <1D5F3F5F-4357-4E25-BEDE-35300949EDB8@gmail.com>
Cc: opsec@ietf.org
Subject: Re: [OPSEC] minutes part 2

>
> Given the relatively recent information indicating "serious
> attacks" on SHA (the quote is from NIST [1]), including an
> acknowledged attack on SHA-1 [2], previous beliefs that SHA
> might be stronger are no longer supported by the science at hand.
> MD5 is also subject to "serious attacks" that have been published.
> So the data available says that both SHA and MD5 have cause
> for serious concern.

OSPF WG charter (http://www.ietf.org/html.charters/ospf-charter.html)
says "Nov 2008 Develop stronger authentication mechanisms for OSPFv2
and submit to IESG as a Proposed Standard". It is against this charter
item that they're probably working on
draft-ietf-ospf-hmac-sha-03.txt. You might want to let them know that
it's not good enough, as SHA has the same problems as MD5, if not
worse.

You also might want to look at
http://www.ietf.org/proceedings/07mar/slides/ospf-3/sld2.htm which
tells you why this particular draft was adopted as a WG doc.

And isn't it ironic that you are also the author of RIP for SHA support
(RFC 4822) and IS-IS extensions for SHA
(draft-ietf-isis-hmac-sha-07.txt)? If there is no need for these,
except for the one customer that you tout, then you should probably
have called these RFCs and drafts RIP-SHA for <customer name> and
ISIS-SHA for <customer name>. Why an RFC if they offer no benefit to
the community? I am surprised, really I am, as to why you have still
not drafted an OSPF SHA extension for your_favorite_customer.

Glen
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec